Last modified: 4/27/2021
CSS Services, Inc. (“CSS” or “We” or “Us”) respects your privacy and is committed to protecting it through our compliance with this private policy (“Policy”).
This Policy describes:
1) The type of information we may collect or that you may provide us when you browse, access, and/or use: i) our website at www.CsSServicesInc.com.com (our “Website”); ii) our OPTIRENT software (“Software”) accessible at www.optirent.cssservicesinc.com.com.com; and/or iii) any of CSS’s services, products, other websites, Software, or mobile applications (collectively referred to as “Services”); and 2) Our practices for collecting, using, maintaining, protecting, and disclosing that information.
This Policy does not apply to: 1) information that you provide to any third party that may be accessible from or on our Website and/or Software; and 2) information collected by any other third party website, as they may have their own privacy policies, which we encourage you to read before providing information on or through them.
Please read this Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, do not download, register, purchase, access and/or use the Website, Software, or any of our Services. By accessing and using the Website, Software, or any of our Services, you agree to this Policy.
Information We Collect and How We Collect It
When you interact with our Website and/or Software, we collect information:
- When you provide it to us; and/or
- Automatically when you interact the Website and Software.
Information You Provide to Us
When you interact or use our Website and/or Software, we collect:
- Information by which you may be personally identified, such as, your name, postal address, email address, telephone number, employer, job title, and/or any other identifier by which you may be contacted online or offline (collectively referred to as “Personal Information“);
- Information that is associated with you, but does not individually identify you, such as, for example, information you provide by filling in forms on our Website, registering to use our Software, and/or creating an account, including information about the best way to contact you, the type of Services you are interested in, and/or scheduling a demo of our Software;
- Information that you provide in response to surveys that we might ask you to complete for research, advertising, and/or business purposes;
- Information you provide when you enter a contest or promotion sponsored by us, or when you report a problem with our Website;
- Information you provide in connection with using the Website and/or Software, including property information, such as where a property is located (city and state), owner information, and other property-related information (such as the amount and breakdown of rent owed);
- Credit card or other payment account information, which may be required when using our Software, or our Website or Services; and
- Information, data, and files that you submit or upload to the Software in connection with one or more properties, such as lease agreements, rent ledgers, and the like.
Automatic Information Collection and Tracking
The technologies we use for automatic information collection may include:
- Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
- Web Beacons. Pages of our Website may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs), which allows us to count the number of users: i) who have visited certain pages of our Website; ii) opened emails we may send about our Services, new products, or other updates; and/or iii) collect web related statistics (such as, for example, recording the popularity of certain content on our Website).
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your Personal Information will be handled by these providers.
- Discloses that content (including advertising) provided by third parties may include cookies or other tracking technologies.
- Clarifies that the site operator does not control and is not responsible for those third parties’ practices.
- Encourages users to visit the third parties’ websites to learn about their privacy
If the website may collect personal information from California residents, to comply with CalOPPA it must disclose whether third parties may collect personally identifiable tracking information from consumers that use the website (Cal. Bus. & Prof. Code § 22575(b)(6)). This section includes a disclosure that third parties may collect this information. While an operator that does not allow third parties to collect this information from the website may wish to state that instead, unless the operator controls, hosts and serves all content on the website, it is difficult or impossible to control in practice.
Similarly, Nevada’s online privacy law specifically requires covered operators to disclose whether a third party may collect covered information about an individual consumer’s online activities over time and across different websites or online services when visiting the operator’s website or online service (NRS § 603A.340(1)(d)).
How We Use Your Information
We use information that we collect about you or that you provide to us, including any Personal Information:
- To present our Website and/or Software and its contents to you.
- To provide you with information, products, or Services that you request from us.
- To fulfill any other purpose for which you provide it.
- To provide you with notices about your account.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
- To notify you about changes to our Website, Software, or any Services we offer or provide though it.
- To allow you to participate in interactive features on our Website or Software.
- For any other purpose with your consent. For example, based upon your expressed consent, We may interface and/or provide information on your behalf to a third party, such as, for example, a collection agency, an accounting system, and/or a payment processor.
We may use the information we have collected from you to enable us to display advertisements to our advertisers’ target audiences. Even though we do not disclose your Personal Information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.
Close Drafting Note
How We Use Your Information
The disclosure can be quite general, but the site operator should specify any non-obvious uses. In particular, the policy should clearly state in this section whether the website operator intends to use the information for:
- Direct marketing purposes (see Practice Notes, Direct Marketing and CAN-SPAM Act Compliance).
- OBA (see Practice Notes, Online Advertising and Marketing: Online Behavioral Advertising and Tracking Technologies: Privacy and Data Security Issues. See also the FTC’s OBA Principles).
The disclosure in this section should address the site operator’s own uses of the information for these purposes, which may include uses on behalf of third parties and address any OBA obligations established by self-regulatory codes of conduct. See Practice Notes, Drafting Privacy Notices: Applicable Law and Principles and Direct Marketing: Privacy Principles. This disclosure is distinct from the sharing of personal information with third parties for marketing purposes, which should be addressed in the Disclosure of Your Information section.
- Updating their account profiles directly.
- Sending an e-mail to the site operator.
(See Drafting Note, Choices About How We Use and Disclose Your Information.)
Disclosure of Your Information
We may disclose aggregated information about our users and information that does not identify any individual, without restriction.
We may disclose Personal Information and/or confidential information that we collect, or you provide (including aggregated information about our users):
- To our subsidiaries and affiliates.
- To contractors, service providers, and other third parties we use to support our business.
- To fulfill the purpose for which you provide it.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request. and
- To enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
Close Drafting Note
Disclosure of Your Information
The policy should identify:
- The categories of third parties with which personal information may be shared.
- Under what circumstances it may be shared.
- For what purposes it may be shared (for example, for credit card clearance, credit reference, order fulfillment, delivery, data analysis, or customer support).
The policy should specify that the site operator has the right to transfer user information in connection with a sale of the business or its assets. This provision should state unambiguously that it includes sales in bankruptcy or liquidation where the business is not continuing as a going concern.
Website operators should not make overly broad promises in their privacy policies that do not reflect the site operator’s actual information collection and sharing practices, for example “we never disclose your information to third parties.”
Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the Personal Information you provide to us. We have created mechanisms to provide you with the following control over your information:
- Disclosure of Your Information to Third-Parties. We will not interface with a third party on your behalf or disclose information about you to a third party without your expressed consent. If you do not want us to share your any information about you, including Personal Information with unaffiliated or non-agent third parties, then you can opt-out by not providing your consent and/or by sending us an email with your request to firstname.lastname@example.org.
- Promotional Offers from the Company. If you do not wish to have your email address/contact information used by the Company to promote our own or third parties’ products or services, you can opt-out by sending us an email stating your request to email@example.com.
Close Drafting Note
Choices About How We Use and Disclose Your Information
The sample paragraphs in the section above may apply depending on how the website is operated and should be modified and supplemented to reflect the website’s actual operations. In particular, the site operator should consider choices relating to:
- Use of information by the site operator for advertising, marketing, and promotional purposes.
- Disclosure of personal information to third parties for their advertising, marketing and promotional purposes.
- Use of personal information for OBA.
A company should always give an opt-in choice for certain uses and disclosures involving sensitive personal information. See Practice Note, Drafting Privacy Notices: FTC Guidance and Enforcement. Depending on applicable law, sensitive information may include:
- Medical or health conditions.
- Racial or ethnic origin.
- Political opinions.
- Religious or philosophical beliefs.
- Trade union membership.
- Sex life.
Nevada’s Personal Information Sales Opt-Out Law
Nevada requires commercial internet website operators covered by the state’s online privacy law to provide a designated address through which Nevada residents can submit a verified request to stop certain personal information sales (NRS § 603A.300 to 603A.360; Nevada SB 220). As currently written, this requirement applies to all operators within the law’s jurisdictional scope, even if the operator does not actually sell personal information under the statute’s narrow definition of those terms.
All operators covered by Nevada’s online privacy law should include the section’s optional paragraph disclosing the designated request address. Operators that do not sell covered information under the statute may include the paragraph’s optional sentence disclaiming such sales, but it must ensure the policy gets updated or revised if it ever starts selling personal data. To avoid potential policy inconsistencies, the operator may delete the optional sentence and just explain its current sales practices when it responds to any opt-out requests.
The covered operator can use one or more of the following contact methods for its designated request address:
- Electronic mail address.
- Toll-free telephone number.
- Internet website form.
(Section 1.3, Nevada SB 220).
To learn more about Nevada’s opt-out law, including its coverage scope and exceptions, see Legal Update, Nevada Gives Consumers ‘Do Not Sell’ Rights Under Online Privacy Law and Preparing for Nevada’s Personal Information Sales Opt-Out Law Checklist.
We will use your information and/or Personal Information you give to us in order to process your payment for the purchase of our Software and/or Services from our Website. We only use third party payment processors that take the utmost care in securing data and comply with the GDPR. Close Drafting NoteAccessing and Correcting Your Personal Information
Allowing individuals the opportunity to review and correct their personal information is also considered a good practice. See Practice Note, Drafting Privacy Notices: FTC Guidance and Enforcement.
Nevada’s online privacy law contains a similar requirement to disclose and describe any process to review or correct personal information collected that exists (NRS § 603A.340(1)(b)).
The sample paragraphs in the section above may apply depending on how the website is operated and should be revised and supplemented to reflect the website’s actual operations. The policy should not include this section if users cannot access or correct their personal information.
Close Drafting Note
Your California Privacy Rights
Additionally, if the website operator shares the personal information of California residents with third parties for direct marketing purposes, and does not provide users with a free option to opt-out of that information sharing, California’s “Shine the Light” Law may require the website operator to provide the person with specific disclosures upon request (see Practice Note, California Privacy and Data Security Law: Overview: Shine the Light).
Website operators that grant users a free option to opt-out of sharing information with third parties for marketing purposes do not need to include the optional clause describing their “Shine the Light” rights (see Drafting Note, Choices About How We Use and Disclose Your Information).
Data Security & Storage
We have implemented measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind redundant firewalls in an ISO 9001 certified data center.
The safety and security of your information is important to us. To ensure your Personal Information is secure, our database serves have no direct connection to the Internet. Also, physical access of our database serves is subject to badge, biometric (fingerprint), and physical key access restrictions. Likewise, network access to the servers requires VPN access employing 2 Factor Authentication and Public/Private Key validation
In addition, all data entry and display are transmitted over SSL, where SSL robustness is routinely validated using Qualys SSL Labs. Social Security numbers are encrypted using AES256 encryption and scrubbed when no longer needed. Backups are encrypted using AES256 encryption and stored in a secure storage facility (Carbonite). The web application is routinely subjected to vulnerability scans and web application scanning. Finally, security patches are routinely applied to production and development servers
Please note that we do not currently receive or store any credit card information.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. Lastly, we use reasonable efforts to make sure our data processors are GDPR-compliant.
Unfortunately, the transmission of information via the internet is not completely secure; however, we follow all PCI-DSS requirements and implement additional generally accepted industry standards to protect your Personal Information; however, we cannot guarantee the security of your Personal Information transmitted to our Website. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
California Privacy Rights
If you are a California resident, California law may provide you with additional rights regarding our use of your Personal Information. California law permits residents of California to opt-out of our Company’s disclosure of Personal Information to third parties for direct marketing purposes. You may choose to opt-out of the sharing of your Personal Information with third parties for marketing purposes at any time by submitting a request in writing to firstname.lastname@example.org. Please note that this opt-out does not prohibit disclosure made for non-marketing purposes.
In addition, California law also permits residents of California to request from us, once a year, a list of the third parties (if any) to whom we have disclosed your Personal Information for their direct marketing, as well as the type of Personal Information disclosed to those parties. If you are a California resident and would like to request this information, please submit your request in an e-mail to: email@example.com. Requests via written mail, telephone, or facsimile will not be accepted. The e-mail subject line and the content of your request must include the phrase “Your California Privacy Rights,” and include your name and e-mail address. Please allow 30 days to receive a response to your inquiry.
Legal Notice and Disclaimer
CSS is not a law firm or a collection agency. Information listed on our Website and Software is informational only and does not constitute legal advice. All communications sent from CSS or any of its employees is not legal advice or an attempt to collect any debt, including a third-party debt. For all legal questions, we highly recommend that you consult with an attorney qualified to provide you with legal advice in your jurisdiction.
Close Drafting Note
- It is collected after the date of the changes.
- The user consents to the changes.
Website operators wishing to materially change the use they make of personal information they hold should obtain the users’ opt-in consent by notifying them of the changes and obtaining their affirmative agreement. This notice typically is provided by either or both:
- Notice posted on the website requesting click-through consent.
Website operators should adapt this section to reflect exactly how the site operator notifies users of policy changes.
To ask questions or comment about this Policy and our privacy practices, contact us at: firstname.lastname@example.org.